Our hack used five ESP-12E modules to disrupt as much of the 2.4 GHz band as possible. For this, the modules were configured as WLAN access points, each on a different channel. Since the WLAN within the event area is mostly operated on channels 1, 6 and 11, channels 2, 5, 7, 9 and 12 were used for the jammers.
The transmitter and receiver of the victim network were a Sony Xperia Z3 mobile phone and a UE Boombox, which were paired via Bluetooth. A SoundCloud music stream served as the data stream.
The WiFiAccessPoint example code from the Arduino ESP8266 library, which configures an access point, served as the code base. Each AP was named after its Wi-Fi channel, following the scheme "ESPapxx", where xx corresponds to the channel. To increase the amount of traffic generated by each module, the interval at which the access points announce their own name (a so-called "beacon") was reduced to 1 ms (preconfigured is 200 ms). To do this, the ESP8266WiFiAP.cpp file of the ESP library was edited and beacon_interval was set to 1 ms.
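Seen from the monitoring side, access points configured like this stand out by their beacon rate and their off-plan channels. The following sketch is an added example, not code from the original write-up: it flags APs whose measured beacon interval is abnormally short. The record format, the 20 ms threshold, the BSSIDs and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed values, not from the original write-up; tune them per site.
MIN_INTERVAL_MS = 20.0         # a median beacon gap below this is abnormal
PLANNED_CHANNELS = {1, 6, 11}  # channel plan the write-up gives for the venue

def flag_fast_beacons(observations, min_interval_ms=MIN_INTERVAL_MS,
                      planned=PLANNED_CHANNELS):
    """observations: (timestamp_ms, bssid, ssid, channel) per beacon seen."""
    stamps_by_ap, meta = defaultdict(list), {}
    for ts, bssid, ssid, channel in observations:
        stamps_by_ap[bssid].append(ts)
        meta[bssid] = (ssid, channel)
    findings = []
    for bssid, stamps in sorted(stamps_by_ap.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 3:        # too few sightings to estimate an interval
            continue
        interval = median(gaps)  # median tolerates dropped beacons
        if interval < min_interval_ms:
            ssid, channel = meta[bssid]
            findings.append({"bssid": bssid, "ssid": ssid, "channel": channel,
                             "interval_ms": interval,
                             "off_plan": channel not in planned})
    return findings

def _beacons(start, step, count, bssid, ssid, channel, skip=()):
    # Helper that builds constructed sightings; `skip` simulates lost frames.
    return [(start + i * step, bssid, ssid, channel)
            for i in range(count) if i not in skip]

# Constructed sample capture (made-up BSSIDs, not measurements from the event).
SAMPLE = (
    _beacons(0.0, 102.4, 6, "02:00:00:00:00:01", "event-wlan", 6)
    + _beacons(0.3, 1.0, 12, "02:00:00:00:00:05", "ESPap05", 5, skip={4})
    + _beacons(0.5, 1.0, 2, "02:00:00:00:00:09", "ESPap09", 9)
)

if __name__ == "__main__":
    for finding in flag_fast_beacons(SAMPLE):
        print(finding)
```

The interval is measured from beacon arrival times rather than read from the advertised field, so it reflects what is actually on the air.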
To further reduce the signal-to-noise ratio, various Cantenna prototypes made of plastic parts and aluminum foil were tested. The configured modules were placed inside the plastic housing, which was then wrapped in aluminum foil from the outside. This reflects and focuses the Wi-Fi radiation without causing short circuits on the pins of the modules.
Unfortunately, we discovered that Bluetooth music streaming is a very robust protocol. Surrounding neither the sending smartphone nor the receiving Bluetooth speaker with interfering wireless channels significantly affected the quality of music playback. The maximum distance between transmitter and receiver for trouble-free music reproduction was 20 m, both with and without jammer influence. Effective shielding of the loudspeaker from the data stream was only achieved by completely wrapping the loudspeaker in aluminum foil. Even then, almost interference-free operation was observed up to 50 cm away from transmitter and receiver.
Analysis & Outlook:
With version 1.2, the Bluetooth protocol was extended with so-called Adaptive Frequency Hopping, which allows the data stream to change frequency in a predefined pattern up to 1600 times per second. Highly noisy regions (e.g. heavily used Wi-Fi channels) are excluded from the hopping pattern. Additionally, Bluetooth divides the 2.4 GHz band into 79 narrower channels instead of 14 like the Wi-Fi protocol. This explains why five Wi-Fi jammers in the immediate environment are not enough to disturb a music stream sufficiently. The Bluetooth participants simply bypass the interference areas we generated.
Effective Bluetooth interference thus requires an even wider interference signal in the 2.4 GHz spectrum. The trivial solution would be to use a magnetron from a scrapped microwave. This approach is a health concern for all parties involved and requires a 220 V connection, so it is not mobile.
A better alternative, it seems to us, is jamming by means of self-operated Bluetooth networks, since such jammers make use of the finer division of the 2.4 GHz band and the high-frequency channel hopping. The basis for this can be ESP32 modules, the successor to the ESP8266 we used in this hack. Among other things, this chip generation is equipped with a Bluetooth module. We suggest operating multiple device pairs (one master and one slave device each), each in its own Bluetooth network (a so-called piconet), while sending randomly generated data. With a sufficient number of these jammer pairs near a music stream, the chance of data collisions increases, and with it the chance of interrupting the music stream. The chance of two small Bluetooth networks colliding in data is only 1.5%, so several networks in parallel are needed to effectively jam
"Refinements to the Packet Error Rate Upper Bound for Bluetooth Networks", IEEE Communications Letters, vol. 7, no. 8, August 2003.